A non-password-protected database containing over 25,000 records, including highly sensitive documents, was recently discovered by security researcher Jeremiah Fowler from Website Planet. The exposed database belonged to Kings of Translation, a New York-based translation service provider.
The exposed data, as revealed in Fowler’s research, contained personally identifiable information (PII), internal screenshots of the source code, and customer documents stored in the uploads folder. These customer documents included passports, driver licenses, business documents, denied visa petitions, birth and marriage records, and US Federal and State tax filings. The database contained approximately 25,601 records from customers around the world.
Fowler identified the owner of the database by finding invoices and references linked to Kings of Translation. This discovery marked the first time he came across data from a translation service and its customers. It was also the first time he encountered such a wide range of documents in a database.
The exposure of this database raised significant security concerns. Since Kings of Translation collected various types of documents due to its translation services, the exposed data was highly sensitive. Many of the documents were required by educational institutions or foreign governments, making them essential for the individuals involved. Furthermore, the documents revealed personal details such as birth, marriage, divorce, and death certificates.
Among the exposed documents shared by Fowler were a Florida driver’s license, a letter from a Ukrainian ambassador, and an FBI background check document. The leak also included legal documents like court documents, contracts, and certificates that needed translation to comply with legal requirements. The exposure of such documents could make individuals vulnerable to tax fraud, identity theft, or other forms of cybercrime.
Fowler immediately notified Kings of Translation about the exposed database, and public access to the database was restricted on the same day. However, it is uncertain how long the database remained publicly exposed before being secured, as Fowler was unable to determine the duration. As of writing, Kings of Translation has not responded to the researcher’s notification.
The incident underscores the importance of strong security measures and protection of customer data. Businesses, especially those handling sensitive information, must ensure that their databases are properly secured with password protection and other necessary security measures. Failure to do so can result in severe consequences, including financial losses and damage to the reputation of the company and its clients.
In light of this recent exposure, individuals must also be cautious about the personal information they provide when using online services. It is crucial to review the privacy and security policies of service providers to ensure that their data is adequately protected. Additionally, individuals should regularly monitor their accounts for any signs of unauthorized activity and take immediate action if suspicious behavior is detected.
As cybersecurity threats continue to evolve, both businesses and individuals must remain vigilant and proactive in protecting sensitive data. Regular security audits, employee training on data protection, and the use of encryption and other security technologies can help prevent and mitigate data breaches. With concerted efforts, the risks associated with online data exposure can be minimized, ensuring the safety and privacy of individuals and businesses alike.